The virtual explosion of technical advances in microelectronics, digital computers and software has changed the face of modern society. In fact, these technological advances have become so important and pervasive that some people refer to this explosion as "the information revolution." Through telephone lines, networks, satellite communications and the like, information is ever increasingly being accessed and shared. While increased interconnectivity is a desirable and powerful utilization of the technological explosion, it also poses a challenge with respect to security. This is particularly true when measured against the ever increasing ability and creativity of saboteurs, hackers and agents attempting to access sensitive information.
One type of information that is desirable to remain secure contains executable content in the form of programs. In general terms, a program is a sequential set of instructions from a programming language for directing a processor to perform specified operations or functions. Within the broad meaning of program, there are several types of programs. Three of the more common types of programs are object code, pseudo code and scripts. Object code is in a binary form which can be directly recognized and used by the processor to perform the intended functions of the program. In other words, object code is in machine language which can be directly understood by a processor. Usually, object code is generated by a compiler from source code. Source code is a higher level language which can be readily understood and written by humans. Examples of source code languages include C, C++, Java, Basic, Fortran, Pascal, etc. The compiler is responsible for compiling (i.e., translating) the source code into the low level object code understandable by the machine. Because of the differences between the various types of processors and operating systems, object code is generally machine specific. In other words, object code designed to run on an INTEL microprocessor will most likely not be able to run on a MOTOROLA microprocessor.
Pseudo code, which is sometimes referred to as byte code, is an intermediate type of program between source code and object code. Typically, pseudo code is produced by compilers from source code; however, the compiler does not completely translate the source code to the final machine language form. Pseudo code is executable, but requires an interpreter that, in effect, performs the last translation from the pseudo code to an executable machine language form. Pseudo code is in a binary form that indicates to the interpreter which function it should perform. One benefit of pseudo code is that, unlike object code, it is machine independent. The interpreter, which is machine dependent, is responsible for completing the compilation and translating the pseudo code into a form understandable by the machine.
Scripts, which are usually in the form of text files, are a series of uncompiled commands and functions written in a programming language that are interpreted at the time of execution to perform the intended function or service. Sometimes, a script is referred to as source code. A script, however, is not a series of automated commands that would otherwise be entered manually, such as a batch file or a login script (the use of "script" is a misnomer). Scripts are often referred to as pure interpreted languages because a script cannot be executed without the aid of an interpreter. Generally, an interpreter is started and directed to read the script. As the interpreter executes the script, the interpreter uses commands and functions in the script to control or direct its execution. In other words, the interpreter has no purpose or reason to run unless something tells it what to do. In effect, at the time of execution the interpreter performs both translations: from source code to pseudo code, then either translating the pseudo code to executable machine language code or performing the same function itself that the object code would have had it made the final translation. Some examples of script languages include PERL, Visual Basic Script, AWK, Bourne Shell, Korn Shell, C Shell, REXX, and the like. In the NOVELL INTRANETWARE ENVIRONMENT, the .bas (Basic or NetBasic) scripts are common. The interpreter used to run or execute the script determines the type of script file. In other words, if PERL is running the script, the script is considered to be a PERL script and the contents of the script must conform to the syntax and language implementation dictated by the PERL environment.
Often it is desirable to limit access to a given program to prevent the unauthorized access and execution of such programs. Traditionally, file system security provides security on a directory or file level. In other words, files or directories can be assigned a certain kind of access. Some common examples are execute, read, write, create, erase, etc. Nevertheless, file system security can be circumvented by a knowledgeable hacker, particularly in a distributed environment, thus leaving sensitive programs potentially vulnerable. This vulnerability is especially dangerous with scripts, since such programs can be easily edited or manipulated to perform unauthorized tasks for the intruder. For instance, a script file could be modified to illicitly give the intruder high level access rights to the entire system.